documentation:examples:pf_and_carp_lab
Differences
This shows you the differences between two versions of the page.
documentation:examples:pf_and_carp_lab [2017/07/07 00:52] – external edit 127.0.0.1 | documentation:examples:pf_and_carp_lab [2021/11/25 14:04] (current) – [pf synchronisation] olivier | ||
---|---|---|---|
Line 15: | Line 15: | ||
BSD Router Project (http:// | BSD Router Project (http:// | ||
Setting-up a virtual lab with 4 VM(s): | Setting-up a virtual lab with 4 VM(s): | ||
- | - Working directory: /tmp/BSDRP | + | - Working directory: /root/BSDRP-VMs |
- | - Each VM have 1 core(s) and 256M RAM | + | - Each VM has a total of 1 (1 cores and 1 threads) and 512M RAM |
+ | - Emulated NIC: virtio-net | ||
+ | - Switch mode: bridge + tap | ||
- 2 LAN(s) between all VM | - 2 LAN(s) between all VM | ||
- Full mesh Ethernet links between each VM | - Full mesh Ethernet links between each VM | ||
- | VM 1 have the following NIC: | + | VM 1 has the following NIC: |
- | - vtnet0 connected to VM 2. | + | - vtnet0 connected to VM 2 |
- | - vtnet1 connected to VM 3. | + | - vtnet1 connected to VM 3 |
- | - vtnet2 connected to VM 4. | + | - vtnet2 connected to VM 4 |
- vtnet3 connected to LAN number 1 | - vtnet3 connected to LAN number 1 | ||
- vtnet4 connected to LAN number 2 | - vtnet4 connected to LAN number 2 | ||
- | VM 2 have the following NIC: | + | VM 2 has the following NIC: |
- | - vtnet0 connected to VM 1. | + | - vtnet0 connected to VM 1 |
- | - vtnet1 connected to VM 3. | + | - vtnet1 connected to VM 3 |
- | - vtnet2 connected to VM 4. | + | - vtnet2 connected to VM 4 |
- vtnet3 connected to LAN number 1 | - vtnet3 connected to LAN number 1 | ||
- vtnet4 connected to LAN number 2 | - vtnet4 connected to LAN number 2 | ||
- | VM 3 have the following NIC: | + | VM 3 has the following NIC: |
- | - vtnet0 connected to VM 1. | + | - vtnet0 connected to VM 1 |
- | - vtnet1 connected to VM 2. | + | - vtnet1 connected to VM 2 |
- | - vtnet2 connected to VM 4. | + | - vtnet2 connected to VM 4 |
- vtnet3 connected to LAN number 1 | - vtnet3 connected to LAN number 1 | ||
- vtnet4 connected to LAN number 2 | - vtnet4 connected to LAN number 2 | ||
- | VM 4 have the following NIC: | + | VM 4 has the following NIC: |
- | - vtnet0 connected to VM 1. | + | - vtnet0 connected to VM 1 |
- | - vtnet1 connected to VM 2. | + | - vtnet1 connected to VM 2 |
- | - vtnet2 connected to VM 3. | + | - vtnet2 connected to VM 3 |
- vtnet3 connected to LAN number 1 | - vtnet3 connected to LAN number 1 | ||
- vtnet4 connected to LAN number 2 | - vtnet4 connected to LAN number 2 | ||
- | For connecting to VM' | + | To connect |
- | - VM 1 : cu -l /dev/nmdm1B | + | - VM 1 : cu -l /dev/nmdm-BSDRP.1B |
- | - VM 2 : cu -l /dev/nmdm2B | + | - VM 2 : cu -l /dev/nmdm-BSDRP.2B |
- | - VM 3 : cu -l /dev/nmdm3B | + | - VM 3 : cu -l /dev/nmdm-BSDRP.3B |
- | - VM 4 : cu -l /dev/nmdm4B | + | - VM 4 : cu -l /dev/nmdm-BSDRP.4B |
</ | </ | ||
Line 85: | Line 87: | ||
sysrc pflog_enable=YES | sysrc pflog_enable=YES | ||
sysrc pfsync_syncdev=vtnet1 | sysrc pfsync_syncdev=vtnet1 | ||
- | mount -uw / | + | sysrc kld_list="carp" |
- | echo " | + | |
- | mount -ur / | + | |
echo " | echo " | ||
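Review bot: the new `sysrc kld_list="carp"` line assigns the variable instead of appending to it, so any module already listed in kld_list on the router is silently dropped from boot-time loading. Suggest `sysrc kld_list+="carp"`, which keeps existing entries and is safe to run more than once.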
Line 131: | Line 131: | ||
sysrc ifconfig_vtnet4=" | sysrc ifconfig_vtnet4=" | ||
sysrc ifconfig_vtnet4_ipv6=" | sysrc ifconfig_vtnet4_ipv6=" | ||
- | sysrc ifconfig_vtnet4_alias0=" | + | sysrc ifconfig_vtnet4_alias0=" |
sysrc ifconfig_vtnet4_alias1=" | sysrc ifconfig_vtnet4_alias1=" | ||
sysrc pf_enable=YES | sysrc pf_enable=YES | ||
Line 137: | Line 137: | ||
sysrc pflog_enable=YES | sysrc pflog_enable=YES | ||
sysrc pfsync_syncdev=vtnet1 | sysrc pfsync_syncdev=vtnet1 | ||
- | mount -uw / | + | sysrc kld_list="carp" |
- | echo " | + | |
- | mount -ur / | + | |
echo " | echo " | ||
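Review bot: in this VM3 block, `sysrc kld_list="carp"` also replaces the whole kld_list value rather than adding to it. Use `sysrc kld_list+="carp"` here too, so the VM2 and VM3 instructions stay identical and neither overwrites modules a reader has already configured.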
Line 198: | Line 196: | ||
< | < | ||
[root@VM2]~# | [root@VM2]~# | ||
- | vtnet3: flags=8943< | + | vtnet3: flags=8863< |
options=80028< | options=80028< | ||
ether 58: | ether 58: | ||
Line 204: | Line 202: | ||
inet 192.168.10.254 netmask 0xffffffff broadcast 192.168.10.254 vhid 1 | inet 192.168.10.254 netmask 0xffffffff broadcast 192.168.10.254 vhid 1 | ||
inet6 fe80:: | inet6 fe80:: | ||
- | | + | |
- | media: Ethernet 10Gbase-T < | + | |
- | | + | |
carp: MASTER vhid 1 advbase 1 advskew 100 | carp: MASTER vhid 1 advbase 1 advskew 100 | ||
+ | carp: MASTER vhid 2 advbase 1 advskew 100 | ||
+ | media: Ethernet autoselect (10Gbase-T < | ||
+ | status: active | ||
+ | nd6 options=21< | ||
[root@VM2]~# | [root@VM2]~# | ||
- | vtnet4: flags=8943< | + | vtnet4: flags=8863< |
options=80028< | options=80028< | ||
ether 58: | ether 58: | ||
- | inet 10.0.0.2 netmask 0xffffff00 broadcast | + | inet 2.2.2.2 netmask 0xffffff00 broadcast |
- | inet 10.0.0.254 netmask 0xffffffff broadcast | + | inet 2.2.2.254 netmask 0xffffffff broadcast |
inet6 fe80:: | inet6 fe80:: | ||
+ | inet6 2001: | ||
+ | inet6 2001: | ||
+ | carp: MASTER vhid 3 advbase 1 advskew 100 | ||
+ | carp: MASTER vhid 4 advbase 1 advskew 100 | ||
+ | media: Ethernet autoselect (10Gbase-T < | ||
+ | status: active | ||
nd6 options=21< | nd6 options=21< | ||
- | media: Ethernet 10Gbase-T < | ||
- | status: active | ||
- | carp: MASTER vhid 2 advbase 1 advskew 100 | ||
</ | </ | ||
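Review bot: the vtnet4 addresses move from 10.0.0.2/10.0.0.254 to 2.2.2.2/2.2.2.254, and 2.2.2.0/24 is globally routable space, not a private or documentation range. Readers who copy the lab onto a host with real upstream connectivity can end up shadowing or leaking traffic for addresses they do not own. Consider an RFC 5737 documentation prefix such as 198.51.100.0/24, or keeping the RFC 1918 range, for the LAN 2 examples.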
Line 225: | Line 229: | ||
< | < | ||
[root@VM3]~# | [root@VM3]~# | ||
- | vtnet3: flags=8943< | + | vtnet3: flags=8863< |
options=80028< | options=80028< | ||
ether 58: | ether 58: | ||
Line 231: | Line 235: | ||
inet 192.168.10.254 netmask 0xffffffff broadcast 192.168.10.254 vhid 1 | inet 192.168.10.254 netmask 0xffffffff broadcast 192.168.10.254 vhid 1 | ||
inet6 fe80:: | inet6 fe80:: | ||
+ | inet6 2001: | ||
+ | inet6 2001: | ||
+ | carp: BACKUP vhid 1 advbase 1 advskew 200 | ||
+ | carp: BACKUP vhid 2 advbase 1 advskew 200 | ||
+ | media: Ethernet autoselect (10Gbase-T < | ||
+ | status: active | ||
nd6 options=21< | nd6 options=21< | ||
- | media: Ethernet 10Gbase-T < | ||
- | status: active | ||
- | carp: BACKUP vhid 1 advbase 1 advskew 200 | ||
[root@VM3]~# | [root@VM3]~# | ||
- | vtnet4: flags=8943< | + | vtnet4: flags=8863< |
options=80028< | options=80028< | ||
ether 58: | ether 58: | ||
- | inet 10.0.0.3 netmask 0xffffff00 broadcast | + | inet 2.2.2.3 netmask 0xffffff00 broadcast |
- | inet 10.0.0.254 netmask 0xffffffff broadcast | + | inet 2.2.2.254 netmask 0xffffffff broadcast |
inet6 fe80:: | inet6 fe80:: | ||
+ | inet6 2001: | ||
+ | inet6 2001: | ||
+ | carp: BACKUP vhid 3 advbase 1 advskew 200 | ||
+ | carp: BACKUP vhid 4 advbase 1 advskew 200 | ||
+ | media: Ethernet autoselect (10Gbase-T < | ||
+ | status: active | ||
nd6 options=21< | nd6 options=21< | ||
- | media: Ethernet 10Gbase-T < | ||
- | status: active | ||
- | carp: BACKUP vhid 2 advbase 1 advskew 200 | ||
</ | </ | ||
==== pf state ==== | ==== pf state ==== | ||
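Review bot: the vhid numbering changes in this output: vtnet3 now reports vhid 1 and vhid 2, and vtnet4 moves from vhid 2 to vhid 3 and vhid 4. The ifconfig_vtnet4_alias lines changed at Line 131 are truncated in this view, so please confirm they carry vhid 3 and 4, and that no remaining prose on the page still refers to vhid 2 as the LAN 2 group. Both routers only form a CARP group when their vhid values match.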
Line 271: | Line 281: | ||
Open a tmux session on R1 and generate 2 flows: | Open a tmux session on R1 and generate 2 flows: | ||
- | - A continous ping: ping 10.0.0.4 | + | - A continous ping: ping 2.2.2.4 |
- | - A echo session: telnet | + | - A echo session: telnet |
==== pf synchronisation ==== | ==== pf synchronisation ==== | ||
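Review bot: the changed ping line still reads "continous"; since the line is being edited anyway, correct it to "continuous". It would also help to state here that 2.2.2.4 is the host behind the CARP pair on LAN number 2, so the reader knows both test flows cross the firewalls.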
Line 279: | Line 289: | ||
< | < | ||
- | [root@VM3]~# pfctl -ss | + | [root@VM2]~# pfctl -ss |
- | all icmp 10.0.0.4:267 <- 192.168.10.1:267 0:0 | + | all carp fe80:: |
- | all icmp 192.168.10.1:267 -> 10.0.0.4:267 | + | all carp 2.2.2.2 -> 224.0.0.18 |
- | all tcp 10.0.0.4:7 <- 192.168.10.1: | + | all carp 192.168.10.2 -> 224.0.0.18 |
- | all tcp 192.168.10.1: | + | all pfsync |
- | all carp 224.0.0.18 <- 192.168.10.2 | + | all icmp 2.2.2.4:13399 <- 192.168.10.1: |
- | all carp 224.0.0.18 <- 10.0.0.2 | + | all icmp 192.168.10.1: |
- | all pfsync 224.0.0.240 <- 192.168.23.2 | + | all tcp 2.2.2.4:7 <- 192.168.10.1: |
+ | all tcp 192.168.10.1:11636 -> 2.2.2.4:7 | ||
</ | </ | ||
Line 293: | Line 304: | ||
< | < | ||
[root@VM3]~# | [root@VM3]~# | ||
- | all icmp 10.0.0.4: | ||
- | all icmp 192.168.10.1: | ||
- | all tcp 10.0.0.4:22 <- 192.168.10.1: | ||
- | all tcp 192.168.10.1: | ||
- | all carp 224.0.0.18 <- 10.0.0.2 | ||
all carp 224.0.0.18 <- 192.168.10.2 | all carp 224.0.0.18 <- 192.168.10.2 | ||
+ | all carp 224.0.0.18 <- 2.2.2.2 | ||
+ | all carp ff02::12 <- fe80:: | ||
+ | all pfsync 192.168.23.3 -> 224.0.0.240 | ||
all pfsync 224.0.0.240 <- 192.168.23.2 | all pfsync 224.0.0.240 <- 192.168.23.2 | ||
+ | all icmp 2.2.2.4: | ||
+ | all icmp 192.168.10.1: | ||
+ | all tcp 2.2.2.4:7 <- 192.168.10.1: | ||
+ | all tcp 192.168.10.1: | ||
</ | </ | ||
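Review bot: the new VM3 listing adds a pfsync state from 192.168.23.3 to 224.0.0.240, but the page never says why that network is used for synchronisation. pfsync has no authentication, so a peer on the sync segment can inject states that bypass the ruleset. Add one sentence next to `sysrc pfsync_syncdev=vtnet1` stating that vtnet1 is the dedicated VM2 to VM3 link and that a production setup should keep pfsync on an isolated link or protect it with IPsec.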
documentation/examples/pf_and_carp_lab.1499381562.txt.gz · Last modified: 2017/07/07 00:52 by 127.0.0.1